US8359658B2 · Active · Utility · PatentIndex 57

Secure authoring and execution of user-entered database programming

Assignee: MICROSOFT CORP
Priority: Nov 20, 2007
Filed: Mar 15, 2008
Granted: Jan 22, 2013
Est. expiry: Nov 20, 2027 (~1.4 yrs left) · nominal 20-yr term from priority
Inventors: JACOB SANJAY; VOGT ROBERT L; SCHMIDT KEVIN ROBERT; YANG XIAOHONG MARK; YAN PEIYUAN
G06F 21/6218 · G06F 2221/2145 · G06F 2221/2147
PatentIndex Score: 57 · Cited by: 2 · References: 25 · Claims: 20

Abstract

A secure framework for authoring and execution of user-entered database scripts, rules, procedures and other forms of programming is provided. A performance management application is used as an interface between a client data modeling, manipulation or analysis application and one or more data sources or analysis services to prevent malicious or inadvertent implementation of harmful, damaging and/or unauthorized new or modified scripts, rules, procedures or other forms of programming to one or more data sources or data analysis/manipulation services that may be used for retrieving, storing, modifying or using data contained in or affected by the one or more data sources or data analysis/manipulation services.

Claims

exact text as granted — not AI-modified
1. A method for secure authoring and execution of user-entered database programming, comprising:
 allowing creation and storage of programming, including native programming, to be applied to one or more data items including enabling creation of the native programming for a data management application in part using a native rule flag; 
 receiving the programming via a data modeling/analysis application to be applied to the one or more data items including using an isactive flag to activate a native rule associated with the native programming; 
 using an inactive flag as part of ensuring the programming to be applied to the one or more data items is set to an inactive state so that the programming may not be applied to the one or more data items without permission including setting the native rule flag to the inactive state for the native rule after any modification and requiring approval of each modified native rule before application and using the native rule flag to control application of the native programming in the data management application including checking the native rule flag when each native rule is executed from any code path; 
 approving application of the programming to the one or more data items; and 
 applying the programming to the one or more data items after the approving.
     
2. The method of claim 1, wherein allowing creation and storage of a programming to be applied to one or more data items includes using the data management application as a gatekeeper to prohibit applying the native programming until after approval using the isactive flag.
     
3. The method of claim 2, wherein programming the data management application to allow creation and storage of the programming to be applied to the one or more data items includes setting an “Allow Native SQL\MDX Rules” flag at the data management application.
     
4. The method of claim 1, wherein receiving the programming to be applied to the one or more data items includes receiving the programming via the data modeling/analysis application operative to construct a data modeling/analysis programming for application to the one or more data items, the data modeling/analysis programming including the programming to be applied to the one or more data items.
     
5. The method of claim 1, wherein approving application of the programming to the one or more data items includes approving application of the programming to the one or more data items via the data management application.
     
6. The method of claim 5, wherein ensuring the programming to be applied to the one or more data items is set to an inactive state so that the programming may not be applied to the one or more data items without permission includes ensuring the created and stored programming is set an inactive state until a permission is received to set the programming to an active state.
     
7. The method of claim 6, wherein approving application of the programming to the one or more data items includes setting the programming to an active state to allow application of the programming to the one or more data items.
     
8. The method of claim 7, wherein setting the programming to an active state to allow application of the programming to the one or more data items includes setting the programming to an active state to allow application of the programming to the one or more data items via the data management application.
     
9. The method of claim 1, wherein applying the programming to the one or more data items includes applying a data model to the one or more data items, the data model including the programming to be applied to the one or more data items.
     
10. The method of claim 9, prior to applying the data model to the one or more data items, ensuring the programming to be applied to the one or more data items is allowed to be applied to the one or more data items.
     
11. The method of claim 10, wherein ensuring the programming is allowed to be applied to the one or more data items includes ensuring that an “Allow Native SQL\MDX Rules” flag is enabled for the programming to be applied to the one or more data items.
     
12. The method of claim 11, wherein ensuring the programming is allowed to be applied to the one or more data items includes ensuring the programming is allowed to be applied to the one or more data items via the data management application.
     
13. The method of claim 1, wherein if any modifications to the programming are received prior to application of the programming to the one or more data items, disenabling application of the modified programming to the one or more data items until permission for application of the modified programming is received.
     
14. The method of claim 1, wherein allowing creation and storage of programming to be applied to one or more data items, includes allowing creation of any script, rule, procedure and/or other form of programming operative against a database data item or database operation.
     
15. A system for secure authoring and execution of user-entered database programming, comprising:
 at least one processor and memory;
 a data modeling/analysis application to construct a programming that includes native programming; and
 a database management application operative:
   to allow creation and storage of the programming to be applied to one or more data items and enable creation of the native programming in part using a native rule flag including checking the native rule flag when each native rule is executed from any code path;
   to receive the programming to be applied to the one or more data items;
   to use an inactive flag in part to ensure that the native programming to be applied to the one or more data items is set to an inactive state so that the native programming may not be applied to the one or more data items without permission including setting the native rule flag to an inactive state for a modified native rule and requiring approval of each modified native rule before application;
   to approve application of the programming to the one or more data items; and
   to apply the programming to the one or more data items.
     
16. The system of claim 15, further comprising:
 the data modeling/analysis application operative
   to construct a data modeling/analysis programming for application to one or more data items including the programming to be applied to the one or more data items; and
 a database application operative
   to maintain the one or more data items; and
   to receive and apply the programming to the one or more data items.
     
17. The system of claim 16, wherein the data management application is further operative to pass the programming to be applied to the one or more data items to the database application.
     
18. The system of claim 17, wherein the database management application is further operative
 to set an “Allow Native SQL\MDX Rules” flag to enabled to allow creation and storage of the programming to be applied to the one or more data items; and
 to set the programming to be applied to the one or more data items to an active state to allow application of the programming to the one or more data items.
     
19. A computer storage device containing computer readable instructions which when executed by a computer perform a method for secure authoring and execution of user-entered database programming, comprising:
 allowing creation and storage of a database rule via a data modeling/analysis application to be executed against one or more data items maintained by a database management application, including creating native programming in part using a native rule flag including checking the native rule flag when each native rule is executed from any code path;
 receiving a request at a database management application for execution of the database rule against the one or more data items;
 using an inactive flag at the database management application as part of ensuring the database rule to be executed against the one or more data items is set to an inactive state so that the database rule may not be executed against the one or more data items without permission including setting the native rule flag to the inactive state for the native rule after any modification and requiring approval of each modified native rule before application;
 using an is active flag at the database management application as part of approving execution of the database rule against the one or more data items;
 passing the database rule to the database application for execution against the one or more data items; and
 executing the database rule against the one or more data items.
     
20. The computer storage device of claim 19, wherein approving execution of the database rule against the one or more data items includes: at the database management application, setting the database rule to an active state to allow execution of the database rule against the one or more data items.
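
The gating the claims describe (rules stored inactive, reset to inactive on any modification, flag checked wherever a rule is executed) can be sketched as follows. This is an added example, not code from the patent or its assignee; `RuleGate`, the `budget` table, the sample rule text and the no-self-approval check are assumptions made for illustration.

```python
import sqlite3

class RuleGate:
    """Hypothetical gatekeeper between a modeling client and the database."""

    def __init__(self, db, allow_native=False):
        self.db = db
        self.allow_native = allow_native  # server-wide "Allow Native SQL\MDX Rules" switch
        self.rules = {}                   # name -> {"sql", "author", "is_active"}

    def save(self, name, sql, author):
        """Create or modify a native rule; either way it is stored inactive."""
        if not self.allow_native:
            raise PermissionError("native rules are disabled on this server")
        self.rules[name] = {"sql": sql, "author": author, "is_active": False}

    def approve(self, name, approver):
        """Approval sets is_active. Assumption: authors cannot self-approve."""
        rule = self.rules[name]
        if approver == rule["author"]:
            raise PermissionError("author cannot approve own rule")
        rule["is_active"] = True

    def execute(self, name):
        """Single choke point: every code path that runs a rule goes through here."""
        rule = self.rules[name]
        if not (self.allow_native and rule["is_active"]):
            raise PermissionError(f"rule {name!r} is not approved for execution")
        with self.db:  # commit on success, roll back on error
            return self.db.execute(rule["sql"]).rowcount

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE budget (dept TEXT, amount REAL)")  # constructed sample data
    db.executemany("INSERT INTO budget VALUES (?, ?)", [("ops", 100.0), ("it", 200.0)])
    gate = RuleGate(db, allow_native=True)
    gate.save("uplift", "UPDATE budget SET amount = amount * 1.1", author="modeler")
    log = []
    for step in ("before approval", "after approval", "after modification"):
        if step == "after approval":
            gate.approve("uplift", approver="dba")
        if step == "after modification":  # the edit silently revokes the approval
            gate.save("uplift", "DELETE FROM budget", author="modeler")
        try:
            log.append((step, gate.execute("uplift")))
        except PermissionError:
            log.append((step, "blocked"))
    return log, db.execute("SELECT COUNT(*) FROM budget").fetchone()[0]

if __name__ == "__main__":
    print(demo())
```

The modified rule is refused even though the earlier version was approved, which is the property the "after any modification" language in claims 1, 15 and 19 targets.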
